Augur, one of the most popular, valuable and early crypto tokens, was written in a computing language, Serpent, now considered less secure than the current, more popular language, Solidity.

On Tuesday, Augur and Zeppelin Solutions, a blockchain and smart contracts auditing firm, announced that Serpent was found to contain a critical vulnerability leaving Augur's $200 million worth of tokens at risk. However, a fix to repair it is already underway.

The process to secure the existing tokens involves rewriting the smart contract for the REP token in Solidity, using OpenZeppelin’s ERC20 token contracts, which have already been extensively audited. (The ERC20 standard is what has easily enabled the proliferation of a number of new tokens.)

Current holders of REP, Augur’s token, remain unaffected, as a migration of all REP balances from the old contract to the new Solidity contract is underway and should take a few hours. Exchanges who have confirmed that they will update their software to use the new contract include Poloniex, Kraken, Bittrex, Jaxx, Shapeshift, MyEtherWallet and MetaMask, among others.

Zeppelin Solutions said as far as they know, it does not affect other tokens.

In a blog post, the Augur team said it is transferring all of its smart contracts over to Solidity, a process which will take six weeks. They wrote, “The migration will be a simple translation from one language to another. This is a straightforward process, similar to translating a document written in English into another language you’re fluent in, then running your translated text through a series of tests to ensure nothing was lost in translation.”

In a blog post announcing the news, Zeppelin Solutions wrote, “Serpent should not be considered safe to use unless its many problems are fixed. We recommend all projects using contracts written in Serpent to migrate to Solidity using a similar mitigation plan as the one proposed above.”

The news comes on the heels of a recent $32 million hack of wallets written in the language Parity, and amid awareness that regulators, such as the Securities and Exchange Commission, will be more vocal in guiding a space that has largely been unregulated as initial coin offerings, or token sales, have exploded over the first half of the year.

Zeppelin Solutions discovered the vulnerability when Augur hired the company to perform an audit on it, with the results announced here. Their study prompted Ethereum founder Vitalik Buterin to tweet, "PSA: I now consider Serpent outdated tech; not nearly enough safety protections by current standards."

Basically, an attacker could have changed the token creation timestamp to a date far into the future, disabling transfers of the token. “Today, the Augur team intentionally triggered the vulnerability, increasing the creation timestamp by about 31 billion years. The old Serpent REP contract is now frozen: REP transfers can no longer be carried out using the old contract,” wrote Augur.